General
Target: Swift Copy.r15
Size: 419KB
Sample: 210910-gfrvvahdh8
MD5: 71c02369bd25414f5a3920c20827da43
SHA1: d4413905513ebe4747483000c4e1a5bcb9659217
SHA256: b9a356a5663584e2884e23d86b1e77ec79740307591a7f3bda33372c123ec0df
SHA512: 7fb74ce8eecb5b4d29e2439e661edcde5d7cc52886de698bb4907fe1ce726aa0c6a6b1960ea0badbeecee4e2bc1f61120845e853dcbc3831492a8e5f312e16d2
Static task: static1
Behavioral task: behavioral1
Sample: Swift Copy.exe
Resource: win7v20210408
Malware Config
Extracted
xloader
2.3
n58i
http://www.biosonicmicrocurrent.com/n58i/
Targets
Target: Swift Copy.exe
Size: 459KB
MD5: 3b2a3fb863cf4f30e508e7be83d5adc7
SHA1: b81ab8811217e31a7ff73e6defd0c51b0ceba101
SHA256: acf3df7da4bdf99226ab8574e15d1145e46e28605afdf660f1fb19b1d061c386
SHA512: c24ad26caea342de74148c29f45a1891d19989f8af63ba51da2877ad7bcf65a2f4449f1b8f638d38efd5ce44e14b8dc58930fcb9fe53563eac26ce64f211214d
Xloader Payload
Suspicious use of SetThreadContext